Establishing consent for cardless transactions using short-range transmission

ABSTRACT

In one aspect, a method includes automating, via an application running on a computing device, consent for cardless payment transactions upon a determination that a received signal strength indication satisfies a threshold; monitoring, while the application is running in a background on the computing device, received signal strength indications of other computing devices that are proximate to the computing device; determining, based on the monitoring and by the application, that a received signal strength indication associated with another computing device satisfies the threshold using an automatically enabled short-range wireless communication protocol; and causing, by the application and based on the received signal strength indication satisfying the threshold, the payment service to process a cardless payment transaction between another user associated with the other computing device and the user, wherein the consent for the cardless payment transaction is automatically provided based on the received signal strength indication satisfying the threshold.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority to and is a continuation of U.S. patent application Ser. No. 14/065,760, filed on Oct. 29, 2013, which claims the benefit under 35 U.S.C. § 119(e) of the filing date of U.S. Provisional Patent Application No. 61/719,897, filed on Oct. 29, 2012, entitled “Establishing Consent for Cardless Transactions Using Short-Range Transmission,” the entirety of which is herein incorporated by reference.

TECHNICAL FIELD

This disclosure relates to cardless payment transactions.

BACKGROUND

In a conventional point-of-sale electronic credit card transaction, the transaction is authorized and captured. In the authorization stage, a physical credit card with a magnetic stripe is swiped through a merchant's magnetic card reader or a physical credit card with a chip is inserted into a merchant's reader, for example, as part of a point-of-sale device. A payment request is sent electronically from the magnetic card reader to a credit card processor. The credit card processor routes the payment request to a card network, e.g., Visa or Mastercard, which in turn routes the payment request to the card issuer, e.g., a bank. Assuming the card issuer approves the transaction, the approval is then routed back to the merchant. In the capture stage, the approved transaction is again routed from the merchant to the credit card processor, card network and card issuer, and the payment request can include the cardholder's signature (if appropriate). The capture state can trigger the financial transaction between the card issuer and the merchant, and optionally creates a receipt. There can also be other entities, e.g., the card acquirer, in the route of the transaction. Debit card transactions have a different routing, but also require swiping of the card.

SUMMARY

In one aspect, a method for processing a cardless payment includes receiving, by a first mobile device, a signal from a second mobile device using a short-range wireless transmission protocol. A received signal strength indication of the signal is determined and used to determine whether the first mobile device and the second mobile device are in proximity. Upon receiving the determination of proximity, either consent for a cardless payment transaction is automatically established, or a user is provided the opportunity to express consent for the cardless payment transaction.

In some embodiments, the short-range wireless transmission protocol is Bluetooth or Bluetooth low energy (BLE).

In another aspect, a method for verifying a cardless payment transaction between a merchant and a payer includes receiving an indication of consent by the payer to enter into a cardless payment transaction with the merchant. A token is generated at the payer mobile device, the token including a signature based on a merchant identifier, a payer identifier, a timestamp, or any combination thereof. The token is provided to the merchant mobile device using a short-range wireless data transmission for verification of a transaction between the payer and the merchant.

In some embodiments, the token is provided using Bluetooth low energy, near field communication, or optical codes.

In another aspect, a system includes one or more computers operable to perform the following operations: determining that a payer mobile device and a merchant mobile device are in proximity; receiving an indication of consent by a payer to enter into a cardless payment transaction with a merchant; generating a token including a signature based on a merchant identifier, a payer identifier, a timestamp, or any combination thereof generating, using the token, a message requesting authentication of the cardless payment transaction between the payer and the merchant; and verifying the authenticity of the transaction by verifying the signature of the token.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic illustration of an example cardless payment system.

FIGS. 2A-2B show an example user interface used in establishing consent in a cardless payment transaction.

FIGS. 3-6 illustrate example processes for establishing proximity and consent in a cardless payment transaction using short-range wireless transmission.

Like reference numbers and designations in the various drawings indicate like elements.

DETAILED DESCRIPTION

FIG. 1 is a schematic illustration of an example cardless payment system 100. The term “cardless payment transaction” as used herein refers to a payment transaction where an account associated with the card can be charged but a card is not physically presented (e.g., a card is not swiped or read). The system includes a mobile device 105 associated with a payer, a mobile device 110 associated with a payee/merchant, and a payment service 115. The payment service 115 can communicate wirelessly with the payer mobile device 105 and/or the merchant mobile device 110. The payer device 105 and the merchant device 110 can communicate and pass signals using a short-range wireless transmission protocol, such as, Bluetooth or Bluetooth low energy (BLE). The merchant 5 device 110 and/or the payer device 105 can send data to the payment service, such as, location data or payment transaction data.

Location data can be used by the payment service 115 to establish payer consent to enter into a cardless payment transaction with a merchant. A payer can establish consent to enter into a cardless payment transaction when the payer device 105 is in proximity (e.g., within a predetermined location) with the merchant device 110. Proximity can be established based on location data, such as, GPS data, Wi-fi data, and/or data from short-range data transmission signals (e.g., Bluetooth or BLE).

After consent is established, the merchant can process a transaction using its mobile device 110 by indicating the goods/services being provided and the amount to be paid under the transaction. For example, the merchant can be a coffee shop and payer can purchase coffee and pastries. The merchant device 110 sends payment transaction data (e.g., details about goods/services, amount to be paid, location of transaction, etc.) to the payment service 115. The payment service 115 processes the transaction for payment on behalf of the merchant by communicating with the receiving and issuing banks. The payment service 115 can post funds to the merchant's account at the receiving bank using the payment service's funds and request payment from the payer's issuing bank for the amount under the transaction.

FIGS. 2A-2B show an example user interface for establishing consent in a cardless payment transaction. Payer consent to enter into a cardless payment transaction can be established when a payer device (e.g., the payer device 105 of FIG. 1 ) and a merchant device (e.g., the merchant device 110 of FIG. 1 ) are in proximity to one another. In some examples, a payer is given the option to provide consent to a payment service when the payer is in proximity with a merchant. FIG. 2A shows an example user interface allowing a payer user to establish consent when the payer is in proximity with a merchant. When the payer device is in proximity with the merchant device, the payment service can provide an interactive element displayed on a mobile application running on the payer device, allowing a payer user to establish consent. The example interface displays interactive elements 200A or 200B that allow a user to “open a tab” associated with a merchant 205A or 205B via a gesture based input, thereby providing the payment service an indication of consent to enter into a cardless payment transaction with the particular merchant.

In another example, the payment service automatically determines that there is consent to enter into the cardless payment transaction when the payer device is in sufficient proximity with the merchant device. FIG. 2B shows an example user interface allowing a payer user to authorize automatic consent when the payer is in proximity with a merchant. The interface can include an interactive element 210. A payer user can interact with the element 210 (e.g., via a gesture based input) indicating to the payment service that consent is to be automatically established when the payer's device is in proximity with a merchant's device.

FIGS. 3-6 show example processes for establishing proximity based consent in a cardless payment transaction using short-range wireless data transmission. FIG. 3 shows a payer device 300 and a merchant device 305 that communicate using a short-range wireless transmission protocol, such as Bluetooth or BLE. Payer device 300 can broadcast a signal received by merchant device 305. A measurement of proximity of the payer device 300 to the merchant device 305 can be determined based on a received signal strength indication (RSSI) of the signal passed between the merchant device 305 and the payer device 300. For example, a payment service (e.g., payment service 115 of FIG. 1 ) can determine that the merchant and payer are in sufficient proximity to one another to trigger payer consent when the RSSI exceeds a predetermined threshold value. If the payment service determines that the payer and merchant are sufficiently in proximity with one another, the payment service can provide the payer device 300 with an option for the user to establish consent (e.g., as described in FIG. 2A) or automatically establish consent (e.g., as described in FIG. 2B).

In some examples, the payer device may be triggered/prompted to use a short-range wireless data transmission (e.g., Bluetooth, BLE), if certain conditions are satisfied. Reasons for limiting the time during which a device runs Bluetooth or BLE can include, for example, extending battery life of the device. FIG. 4 shows an example of using geofencing to trigger a device to run a short-range wireless signal process. The payer device 400 as shown in FIG. 4 is not running short-range wireless data transmission processes (e.g., is not broadcasting/running Bluetooth or BLE). Once the payer device 400′ enters a geofence 403 around merchant device 405, an instruction triggers/prompts the payer device 400′ to begin running short-range wireless processes (e.g., run Bluetooth/BLE). A measure of proximity for consent can be determined based on a RSSI for the short-5 range wireless signal between payer device 400′ and merchant device 405. If the RSSI exceeds a predetermined threshold, the payment service determines that the merchant and payer are sufficiently in proximity with one another, and can provide the payer device 400′ with an option for the user to establish consent (e.g., as described in FIG. 2A) or automatically establish consent (e.g., as described in FIG. 2B).

FIG. 5 shows another example of using geofencing to trigger or prompt a mobile device to run short-range wireless data transmission processes. A geofence 503 can be established around payer device 500. When the payer device 500′ exits the geofence 503, the device 500′ is triggered/prompted to start running a short-range wireless process (e.g., starts running Bluetooth or BLE). A RSSI for a short-range wireless signal (e.g., a Bluetooth or BLE signal) between the payer device 500′ and a merchant device 505 can then be used to determine whether the devices are sufficiently in proximity to establish consent. If the RSSI exceeds a predetermined threshold, the payment service determines that the merchant and payer are sufficiently in proximity with one another, and can provide the payer device 500′ with an option for the user to establish consent (e.g., as described in FIG. 2A) or automatically establish consent (e.g., as described in FIG. 2B).

FIG. 6 shows an example where a payer device 600 communicates with a merchant device 605 using short-range wireless communication (e.g., Bluetooth or BLE. In some examples, merchant device 605 communicates with the payment service 610 acting, in part, as a conduit for the payer device 600 by sending information/data from payer device 600 (e.g., if the payer device 600 is offline). Either one of the merchant device 605 or payer device 600 can broadcast and/or read short-range wireless signals (e.g., broadcasting or reading Bluetooth or BLE signals). Merchant device 605 can communicate with the payment service 610 to determine whether the devices are sufficiently in proximity with one another to establish consent based on an RSSI of a short-range wireless signal.

Different techniques can be used to address security of information/data being passed between payer device 600 and merchant device 605. For example, a payer device 600 can exchange a certificate with a merchant device 605 that can be used to encrypt the data. A payer device 600 could also have a token that can be used to encrypt the data. The token can be single use (e.g., expires after use in a payment transaction). The payer device 600 can also have a seed value that based on its last connection with the server of the payment service. The seed can be used to generate values used for encryption. In some examples, the token is merchant-specific where a payer/customer has a pre-existing relationship with the payee/merchant (e.g., the payer saved a merchant card to their favorites). In one embodiment, the payer mobile device 600 generates a single-use key by digitally signing various factors about the transaction (e.g., merchant ID, payer ID, and timestamp). The key can be used to authorize a transaction between the payer and the merchant for a limited period of time (e.g., expires if is not used after a period of time). The key can be transmitted from the payer mobile device 600 to the merchant mobile device 605 via optical (e.g., QR) code and/or short-range data transmission (e.g., BLE, NFC). The merchant device 605 can transmit the key to the back-end payment service 610 as part of a transaction authorization message request. The back-end payment service 610 can verify the authenticity of the transaction by verifying the signature of the key.

Embodiments of the subject matter and the operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions, encoded on a non-transitory computer storage medium for execution by, or to control the operation of, data processing apparatus. Alternatively or in addition, the program instructions can be encoded on an artificially-generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable a receiver apparatus for execution by a data processing apparatus. A computer storage medium can be, or be included in, a computer-readable storage device, a computer-readable storage substrate, a random or serial access memory array or device, or a combination of one or more of them. Moreover, while a computer storage medium is not a propagated signal, a computer storage medium can be a source or destination of computer program instructions encoded in an artificially-generated propagated signal. The computer storage medium can also be, or be included in, one or more separate physical components or media (e.g., multiple CDs, disks, or other storage devices).

The operations described in this specification can be implemented as operations performed by a data processing apparatus on data stored on one or more computer-readable storage devices or received from other sources.

The term “data processing apparatus” encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, a system on a chip, or multiple ones, or combinations, of the foregoing. The apparatus can include special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit). The apparatus can also include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, a cross-platform runtime environment, a virtual machine, or a combination of one or more of them. The apparatus and execution environment can realize various different computing model infrastructures, such as web services, distributed computing and grid computing infrastructures.

A computer program (also known as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, declarative or procedural languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, object, or other unit suitable for use in a computing environment. A computer program may, but need not, correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language resource), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.

The processes and logic flows described in this specification can be performed by one or more programmable processors executing one or more computer programs to perform actions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).

Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for performing actions in accordance with instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device (e.g., a universal serial bus (USB) flash drive), to name just a few. Devices suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.

To provide for interaction with a user, embodiments of the subject matter described in this specification can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input. In addition, a computer can interact with a user by sending resources to and receiving resources from a device that is used by the user; for example, by sending web pages to a web browser on a user's client device in response to requests received from the web browser.

Embodiments of the subject matter described in this specification can be implemented in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back-end, middleware, or front-end components.

The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. In some embodiments, a server transmits data (e.g., an HTML page) to a client device (e.g., for purposes of displaying data to and receiving user input from a user interacting with the client device). Data generated at the client device (e.g., a result of the user interaction) can be received from the client device at the server.

A system of one or more computers can be configured to perform particular operations or actions by virtue of having software, firmware, hardware, or a combination of them installed on the system that in operation causes or cause the system to perform the actions. One or more computer programs can be configured to perform particular operations or actions by virtue of including instructions that, when executed by data processing apparatus, cause the apparatus to perform the actions.

While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any inventions or of what may be claimed, but rather as descriptions of features specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.

In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In certain implementations, multitasking and parallel processing may be advantageous.

Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. 

What is claimed is:
 1. A method comprising: automating, via an application running on a computing device, consent for cardless payment transactions upon a determination that a received signal strength indication satisfies a threshold, wherein the computing device is associated with a user having a user account with a payment service, and wherein user account is associated with financial information associated with the user; monitoring, while the application is running in a background on the computing device, received signal strength indications of other computing devices that are proximate to the computing device; determining, based at least in part on the monitoring and by the application, that a received signal strength indication associated with another computing device satisfies the threshold using an automatically enabled short-range wireless communication protocol activated on the computing device; and causing, by the application and based at least in part on the received signal strength indication satisfying the threshold, the payment service to process a cardless payment transaction between another user associated with the other computing device and the user, wherein the processing utilizes the financial information associated with the user account of the user in lieu of payment data associated with a payment card of the user, and wherein the consent for the cardless payment transaction is automatically provided based at least in part on the received signal strength indication satisfying the threshold.
 2. The method of claim 1, wherein the short-range wireless communication protocol is automatically enabled when a condition is satisfied.
 3. The method of claim 2, wherein the condition is satisfied when the computing device is within a geofence of the other computing device.
 4. The method of claim 2, wherein the condition is satisfied when the computing device is not within a geofence defined around the computing device.
 5. The method of claim 1, wherein the short-range wireless communication protocol includes at least one of Bluetooth or Bluetooth low energy (BLE).
 6. The method of claim 1, wherein automating the consent for cardless payment transactions comprises: receiving an initial indication of the consent from the user of the computing device.
 7. The method of claim 6, wherein the initial indication is provided via an interactive interface of the application presented to the user on the computing device.
 8. A device comprising: one or more memories having computer-readable instructions stored therein for an application; and one or more processors configured to execute the computer-readable instructions to configure to the application to: automate consent for cardless payment transactions upon a determination that a received signal strength indication satisfies a threshold, wherein the device is associated with a user having a user account with a payment service, and wherein user account is associated with financial information associated with the user; monitor, the application is running in a background on the device, received signal strength indications of other devices that are proximate to the device; determine, based at least in part on the monitoring and by the application, that a received signal strength indication associated with another device satisfies the threshold using an automatically enabled short-range wireless communication protocol activated on the device; and cause, based at least in part on the received signal strength indication satisfying the threshold, the payment service to process a cardless payment transaction between another user associated with the other device and the user, wherein the processing utilizes the financial information associated with the user account of the user in lieu of payment data associated with a payment card of the user, and wherein the consent for the cardless payment transaction is automatically provided based at least in part on the received signal strength indication satisfying the threshold.
 9. The device of claim 8, wherein the short-range wireless communication protocol is automatically enabled when a condition is satisfied.
 10. The device of claim 9, wherein the condition is satisfied when the device is within a geofence of the other device.
 11. The device of claim 9, wherein the condition is satisfied when the device is not within a geofence defined around the device.
 12. The device of claim 8, wherein the short-range wireless communication protocol includes at least one of Bluetooth or Bluetooth low energy (BLE).
 13. The device of claim 8, wherein the one or more processors are configured to execute the computer-readable instructions to automate the consent for cardless payment transactions based on receiving an initial indication of the consent from the user of the computing device.
 14. The device of claim 13, wherein the initial indication is provided via an interactive interface of the application presented to the user on the device.
 15. One or more non-transitory computer-readable media comprising computer-readable instructions of a payment application, which when executed by one or more processors on a device, cause the device to: automate, via the application, consent for cardless payment transactions upon a determination that a received signal strength indication satisfies a threshold, wherein the device is associated with a user having a user account with a payment service, and wherein user account is associated with financial information associated with the user; monitor, while the application is running in a background on the device, received signal strength indications of other devices that are proximate to the device; determine, using the application and based at least in part on the monitoring and by the application, that a received signal strength indication associated with another device satisfies the threshold using an automatically enabled short-range wireless communication protocol activated on the device; and cause, based at least in part on the received signal strength indication satisfying the threshold, the payment service to process a cardless payment transaction between another user associated with the other device and the user, wherein the processing utilizes the financial information associated with the user account of the user in lieu of payment data associated with a payment card of the user, and wherein the consent for the cardless payment transaction is automatically provided based at least in part on the received signal strength indication satisfying the threshold.
 16. The one or more non-transitory computer-readable media of claim 15, wherein the short-range wireless communication protocol is automatically enabled when a condition is satisfied.
 17. The one or more non-transitory computer-readable media of claim 16, wherein the condition is satisfied when the device is within a geofence of the other device.
 18. The one or more non-transitory computer-readable media of claim 16, wherein the condition is satisfied when the device is not within a geofence defined around the device.
 19. The one or more non-transitory computer-readable media of claim 15, wherein the short-range wireless communication protocol includes at least one of Bluetooth or Bluetooth low energy (BLE).
 20. The one or more non-transitory computer-readable media of claim 15, wherein the execution of the computer-readable instructions further cause the device to automate the consent for cardless payment transactions based on receiving an initial indication of the consent from the user of the computing device. 